Matador — Autonomous Bug Hunting Platform

Autonomous security testing that thinks like a bug bounty hunter.

Linux · macOS · WSL

$ curl -sL https://matador.indiesecurity.com/LATEST.sh | sh

Get your API key at dashboard.indiesecurity.com

01 — Install

Single binary. No dependencies. Supports Linux (x86_64, ARM64), macOS (Apple Silicon, Intel), and WSL2.

02 — Get your API key

Sign up and generate a key from the dashboard. Free tier includes the core testing pipeline and community vault. Premium keys unlock proprietary research, advanced methodology, and higher rate limits. Triage as a Service provides expert validation and feedback on your findings — human reviewers help your agents learn from mistakes.

03 — Authenticate & Configure

Login with your API key or OAuth. Set test email credentials for account registration on targets. LLM is auto-detected — supports Claude Code, OpenAI Codex, Ollama, or any custom binary.

04 — Hunt

Add scope, start hunting, monitor progress. Use with Claude Code skill file for the best experience, or use the CLI directly.

$ matador target add staging --scope "*.staging.company.com"
$ matador hunt staging

Pipeline: S0 Recon → S1 Mapping → S2 Attack → S3 Triage → S4 Report

05 — Scale with daemons

Run on multiple machines to multiply your hunting power. Each instance hunts independently with its own LLM and compute. All findings centralized in the dashboard.

Your data never leaves.

Everything runs on your machine. The only outbound traffic is license validation and vault sync. No targets, no findings, no prompts leave your machine.

Bring your own LLM

Auto-detects Claude Code, OpenAI Codex, or Ollama. Or set any custom command.